User accounts: Difference between revisions
→Groups: add other sections |
Tag: visualeditor |
||
(6 intermediate revisions by the same user not shown) | |||
Line 20: | Line 20: | ||
== Add a user to a group == | == Add a user to a group == | ||
< | <source lang="bash"> | ||
$ sudo adduser username groupname | $ sudo adduser username groupname | ||
or | or | ||
$ sudo useradd -a G groupname username | $ sudo useradd -G groupname username // for a new user | ||
or | |||
$ sudo usermod -a -G groupname username // for an existing user | |||
</source> | |||
== Remove a user from a group == | |||
<source lang="bash"> | |||
$ sudo gpasswd -d username groupname | |||
</source> | |||
== List a user's groups == | |||
<syntaxhighlight lang="bash"> | |||
$ id -Gn username | |||
</syntaxhighlight> | |||
== Check a user's primary group == | |||
<syntaxhighlight lang="bash"> | |||
$ getent group username | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 43: | Line 63: | ||
== Set a directory writable by a certain group == | == Set a directory writable by a certain group == | ||
Turn on the SGID bit for the root folder | |||
<source lang="bash"> | |||
$ sudo chmod g+s www | |||
</source> | |||
Make /srv/www folder readable/writable/executable by dev group | Make /srv/www folder readable/writable/executable by dev group | ||
Line 91: | Line 117: | ||
jsmith ALL=(ALL:ALL) ALL | jsmith ALL=(ALL:ALL) ALL | ||
</source> | </source> | ||
== Updating sudoers file safely == | |||
* ''Last checked on Ubuntu 16.04.01 LTS (xenial)'' | |||
The command <code>visudo</code> checks the validity of the sudoers file before making the actual update to the file, and this is the recommended way of editing the file because one can potentially lose sudo privileges unintentionally. | |||
<syntaxhighlight lang="bash"> | |||
$ sudo visudo | |||
</syntaxhighlight> | |||
Instead editing <span class="shell">/etc/sudoers</span> file I usually create a file at <span class="shell">/etc/sudoers.d/localusers</span> so I edit that instead. | |||
<syntaxhighlight lang="bash"> | |||
$ sudo visudo -f /etc/sudoers.d/localusers | |||
</syntaxhighlight> | |||
=== Changing the default editor used for visudo === | |||
I'm a VIM user, but many of the distros default to nano for newcomers to Linux systems. You can use the following command to change the default editor that is loaded for visudo and for many other apps. | |||
<syntaxhighlight lang="bash"> | |||
$ sudo update-alternatives --config editor | |||
</syntaxhighlight> |
Latest revision as of 16:16, 7 December 2023
Groups
Add a new group
$ sudo addgroup webdev
or
$ sudo groupadd webdev
Delete a group
$ sudo delgroup webdev
or
$ sudo groupdel webdev
Add a user to a group
$ sudo adduser username groupname
or
$ sudo useradd -G groupname username // for a new user
or
$ sudo usermod -a -G groupname username // for an existing user
Remove a user from a group
$ sudo gpasswd -d username groupname
List a user's groups
$ id -Gn username
Check a user's primary group
$ getent group username
Change a user's primary group
$ sudo usermod -g groupname username
Check user's group assignments
$ id username
or
$ groups username
or
$ id -Gn username
Set a directory writable by a certain group
Turn on the SGID bit for the root folder
$ sudo chmod g+s www
Make /srv/www folder readable/writable/executable by dev group
$ sudo setfacl -d -m g:dev:rwx /srv/www
Add a user account
$ sudo useradd -d /home/jsmith -m jsmith -G webdev
$ sudo passwd jsmith
Delete a user account
Force removal and delete files
$ sudo userdel -fr username
or
$ sudo deluser -remove-home username
Lock or unlock a user account
$ sudo passwd -l username
$ sudo passwd -u username
Adding sudoers
A file can be added for groups of users or specific users to /etc/sudoers.d/ directory. This line would make someone a sudoer with no password requirement.
jsmith ALL=(ALL) NOPASSWD:ALL
If you want the user to type a password.
jsmith ALL=(ALL:ALL) ALL
Updating sudoers file safely
- Last checked on Ubuntu 16.04.01 LTS (xenial)
The command visudo
checks the validity of the sudoers file before making the actual update to the file, and this is the recommended way of editing the file because one can potentially lose sudo privileges unintentionally.
$ sudo visudo
Instead editing /etc/sudoers file I usually create a file at /etc/sudoers.d/localusers so I edit that instead.
$ sudo visudo -f /etc/sudoers.d/localusers
Changing the default editor used for visudo
I'm a VIM user, but many of the distros default to nano for newcomers to Linux systems. You can use the following command to change the default editor that is loaded for visudo and for many other apps.
$ sudo update-alternatives --config editor